OUR CERTIFICATIONS

Let's stay protected

Learn how we protect ourselves and our clients to ensure we all stay safe

Compliance Certifications

HIPAA Compliance
PCI-DSS

Cloud Provider Certifications

ISO 27001
CSA Star
ISO 27017
ISO 27018
SOC for Service Organizations
HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the protection of the privacy and security of health information.

Gryphon can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with Gryphon.

PCI-DSS
ISO 27001
ISO 27017
ISO 27018
SOC 1
SOC 2
SOC 3
CSA Star
POLICIES

Data Security

Data Retention and Disposal

Gryphon retains personal data only for the purpose of delivering services pursuant to client agreements and complying with all applicable laws and regulations. Personal data is disposed of when no longer required to meet contractual or legal obligations.

Data Encryption
Data Loss Prevention

Network and Infrastructure Security

Infrastructure

Infrastructure Security

Gryphon infrastructure is deployed using best practices for hardening systems, including vulnerability scanning, security patching, secure coding practices, CIS standards for password strength and rotation, role-based access control, and removal of all default, shared, and/or unnecessary administrative and privileged service accounts. Access to all Gryphon infrastructure requires the use of an encrypted VPN with multi-factor authentication.

Network
Physical
Business Continuity & DR
Wireless Networks
Separate Environments

Product and Application Security

Access Control

Gryphon employs Role-Based Access Control (RBAC) for all information and IT assets across the company. Access levels are granted based on job responsibilities using the principle of least privilege, with access modified or revoked as needed when an employee's job responsibilities change. Entitlements are directory-managed, and reviews are conducted on a recurring basis. CIS Standards are applied to password strength and rotation requirements, and multi-factor authentication is in place where supported.

Audit Logging
SDLC
Vulnerability & Patch Mgmt
Single Sign-on

Corporate Security

Device Mgmt

Mobile Device Management

Gryphon utilizes enterprise mobile device management (MDM) solutions that enforce endpoint protection policies, local drive encryption, password strength and rotation requirements, idle time screen lock, and remote wipe capabilities on all employee workstations. Gryphon does not allow access to product infrastructure via mobile phones.

Endpoint Protection
Employee Training
Human Resources
Incident Response
Info Sec. Standards

Reports

Penetration Test Report

Gryphon employs third-party security vendors to perform security, vulnerability, and penetration testing for our products. Scans are performed in accordance with compliance requirements, and findings are remediated according to their severity and impact. An Executive Summary of our most recent external penetration test may be requested by emailing Trust@gryphon.ai (NDA required).

Legal

Privacy Policy

Visit gryphon.ai to view Gryphon's comprehensive Privacy Policy.

Terms of Service
Data Security and PCI